CompTIA
CAS-003 · Question #469
CAS-003 Question #469: Real Exam Question with Answer & Explanation
The correct answer is A: CPU, process state tables, and main memory dumps. Shutting the computer down means complete loss of the forensic evidence listed in option A. This likely also means loss of the indicators of compromise to determine ransomware encryption (option D).
Question
First responders, who are part of a core incident response team, have been working to contain an outbreak of ransomware that also led to data loss. In a rush to isolate the three hosts that were calling out to the NAS to encrypt whole directories, the hosts were shut down immediately without investigation and then isolated. Which of the following were missed? (Choose two.)
Options
- A. CPU, process state tables, and main memory dumps
- B. Essential information needed to perform data restoration to a known clean state
- C. Temporary file system and swap space
- D. Indicators of compromise to determine ransomware encryption
- E. Chain of custody information needed for investigation
Explanation
Shutting the computer down means complete loss of the forensic evidence listed in option A. This likely also means loss of the indicators of compromise to determine ransomware encryption (option D).